This generally relates to transport systems and methods and, for example, the handling of messages such as email.
Frequently, transport systems such as email systems employ two transport components, a message store and a message transport agent (MTA) which constitute a log-shipping based mechanism. There is a window in such log-shipping based mechanisms during which mail in the last log file not shipped is not immediately available at the backup node. Additionally, logs can only be replayed before transactions are applied to the database. As a result, recovery of the log file after the secondary is re-started does not allow the transactions to be re-applied. Messages that may be lost because of the delayed log file will include messages received from other users. Such lost messages do pass through the mail transport agent and are important to save.
Messaging systems, like database and other storage systems, must exhibit ACID properties (atomic, consistent, isolated, durable). To achieve this, messaging systems employ ‘change logs’ in much the same way database systems do: record the change in the log, harden the log to persistent media, change the actual data, and continue. There is no need to harden the actual data change because the ‘change log’ has been hardened and during restart from any error the change log will be used to make the data current.
In one embodiment, a message transport agent is used to provide an additional point of redundancy, to enable the recovery of messages. In another embodiment, mechanisms based on log shipping are implemented to provide a highly available shared-nothing system. There is no need to harden the actual data change because the ‘change log’ has been hardened and during restart from any error the change log may be used to make the data current.
Mail is retained after delivery, either mail of all recipients or mail for local delivery or both. Alternatively or in addition, retained mail is pruned based on total size and/or age, and/or retained mail is re-injected on demand.
Other features will be in part apparent and in part pointed out hereinafter.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
Corresponding reference characters indicate corresponding parts throughout the drawings.
As illustrated in
Using such a storage mechanism, messaging systems face the same error recovery problems databases do, namely a current version of the log must be available to make the data current. This forces the messaging systems to assure the log is always available, and always current, which is expensive if the ‘recovery system’ is different than the system currently hosting the messaging system because that requires each update to the log to be made in at least two locations. The invention solves the ‘dual log update’ performance costs associated with a ‘recovery system’ for messaging by obviating the need to keep the change logs current at the ‘recovery system’ for many kinds of changes; those logs are now allowed to be somewhat stale. This reduces the performance impact of having a recovery system, and thus makes highly available messaging systems much more practical, and cost effective. In other words, messaging systems exploit information in the messaging system's transport layer to help make the data in the ‘recovery system’ current.
Messaging systems, unlike many traditional database systems, have a ‘transport subsystem’ atop the message store. This transport subsystem is responsible for routing the messages to the correct recipients even if the messaging servers for the recipients are currently unavailable. It does this ‘guaranteed message delivery’ using a persistent queue mechanism. When a message is received for delivery or forwarding it is stored, then an attempt is made to deliver or forward it. If that forwarding or delivery is successful the message is deleted from the queue, otherwise delivery/forwarding is attempted again after some period of time has expired.
As illustrated in
In one embodiment, the processor evaluates moved messages in the holding status with respect to a parameter and deletes selected messages in the holding status as a function of the evaluating. For example, the parameter may optionally comprise a maximum amount of memory. In this embodiment, the instructions to evaluate the moved messages in the holding status determine an amount of holding memory storing the messages in the holding status, and the instructions delete at least some of the messages in the holding status when the determined amount of holding memory exceeds the maximum amount of memory. In addition, the system may optionally delete messages as a function of a limit or boundary such as at least one of a message age, a message size, a message date, and a message priority when the determined amount of holding memory exceeds the maximum amount of memory. For example, when the determined amount of holding memory exceeds a maximum amount of memory, a message having a sent date which is more than a certain amount of time (e.g., three (3) days) before the present time could be deleted. Alternatively or in addition, when the determined amount of holding memory exceeds the maximum amount of memory, a message having a size which is more than a certain maximum size (e.g., 10 MB) could be deleted. Alternatively or in addition, when the determined amount of holding memory exceeds the maximum amount of memory, a message having a particular date (e.g., a date calculated or indicated by an operator) could be deleted. Alternatively or in addition, when the determined amount of holding memory exceeds the maximum amount of memory, a message having a priority which is less than a certain minimum priority could be deleted. For example, messages having a priority of 7-10 may be deleted if the minimum priority is 6 in a priority system where messages have a priority of 1 to 10 with 1 being the highest priority and 10 being the lowest priority.
Alternatively or in addition, the system may manage or delete messages independent of when the determined amount of holding memory exceeds the maximum amount of memory. For example, the parameter may comprise a maximum message age. Instructions evaluate the moved messages in the holding status to determine an age of each message and instructions delete each message in the holding status when the determined age of the message exceeds the maximum message age, even if the determined amount of holding memory is less than the maximum amount of memory.
As another example, the parameter may comprise a maximum message size. Instructions evaluate the moved messages in the holding status to determine a size of each message. Instructions delete each message in the holding status when the determined size of the message exceeds the maximum message size, even if the determined amount of holding memory is less than the maximum amount of memory.
As another example, the parameter may comprise a maximum message date. Instructions evaluate the moved messages in the holding status to determine a date of each message. Instructions delete each message in the holding status when the determined date of the message exceeds the maximum message date, even if the determined amount of holding memory is less than the maximum amount of memory.
As another example, the parameter may comprise a minimum message priority. Instructions evaluate the moved messages in the holding status to determine a priority of each message. Instructions delete each message in the holding status when the determined priority of the message is less than the minimum message priority, even if the determined amount of holding memory is less than the maximum amount of memory.
The limits or boundaries noted above may be preset, fixed or variable, such as dependent on other aspects of the system or method. For example, the maximum amount of memory may vary depending on available memory. As another example, the minimum retained priority may vary based on available memory. As another example, the maximum message age may vary based on available memory. As another example, the maximum message size may change based on available memory. As another example, the oldest message date may change based on available memory.
It is contemplated that any of the above may be combined with other prioritization mechanisms. For example, mail that is more business critical is retained longer, and less critical mail is not retained, reducing the overall storage costs.
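The evaluation and deletion rules above can be expressed as one periodic pruning pass. The following is an added example, not code from the patent or from any product it describes; the names HeldMessage, PrunePolicy and prune are hypothetical, the sample messages are constructed, and the oldest-first eviction used when the per-message limits do not free enough space is an assumption, since the text does not say which messages are chosen in that case.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

MB = 1_000_000

@dataclass
class HeldMessage:
    msg_id: str
    size: int            # bytes
    sent: datetime
    priority: int        # 1 = highest, 10 = lowest, as in the text

@dataclass
class PrunePolicy:
    max_holding_bytes: int
    max_age: Optional[timedelta] = None
    max_size: Optional[int] = None
    min_priority: Optional[int] = None   # numerically larger = lower priority
    always_apply_limits: bool = False    # prune even while under the memory cap

def exceeds_limit(m: HeldMessage, p: PrunePolicy, now: datetime) -> bool:
    """True if the message breaks any configured per-message limit."""
    if p.max_age is not None and now - m.sent > p.max_age:
        return True
    if p.max_size is not None and m.size > p.max_size:
        return True
    if p.min_priority is not None and m.priority > p.min_priority:
        return True
    return False

def prune(held: List[HeldMessage], p: PrunePolicy, now: datetime
          ) -> Tuple[List[HeldMessage], List[HeldMessage]]:
    """Return (kept, deleted) for one periodic evaluation of the holding store."""
    over_cap = sum(m.size for m in held) > p.max_holding_bytes
    kept, deleted = list(held), []
    if over_cap or p.always_apply_limits:
        kept = [m for m in held if not exceeds_limit(m, p, now)]
        deleted = [m for m in held if exceeds_limit(m, p, now)]
    # Assumption: if the limits did not free enough space, evict oldest first.
    kept.sort(key=lambda m: m.sent)
    while kept and sum(m.size for m in kept) > p.max_holding_bytes:
        deleted.append(kept.pop(0))
    return kept, deleted

# Constructed sample data (not from the page).
NOW = datetime(2024, 1, 10, 12, 0, 0)
SAMPLE = [
    HeldMessage("a", 1 * MB, NOW - timedelta(days=1), 3),
    HeldMessage("b", 12 * MB, NOW - timedelta(hours=1), 2),   # over 10 MB
    HeldMessage("c", 2 * MB, NOW - timedelta(days=4), 5),     # older than 3 days
    HeldMessage("d", 1 * MB, NOW - timedelta(hours=2), 8),    # priority below 6
]
LIMITS = dict(max_age=timedelta(days=3), max_size=10 * MB, min_priority=6)

if __name__ == "__main__":
    kept, deleted = prune(SAMPLE, PrunePolicy(8 * MB, **LIMITS), NOW)
    print("kept:", [m.msg_id for m in kept], "deleted:", [m.msg_id for m in deleted])
```

With always_apply_limits set, the same limits are enforced even while the holding store is under its memory cap, which corresponds to the embodiments that delete independent of the maximum amount of memory.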
Optionally, the server 104 may be configured to execute computer-executable instructions to monitor mailboxes for failure and resend messages in the holding status to a failed mailbox.
Optionally, the server 104 may be configured to execute computer-executable instructions to receive a request for mail from a particular mailbox and to resend messages in the holding status to the particular mailbox in response to the received request.
One embodiment of the invention is that if transport does not delete those messages for some period of time (typically minutes) after successful delivery of the message, then that queue acts as a surrogate change log for the associated message store(s). Just as the recovery system can read the actual change log to make data current, it can also request recent messaging activity from the transport layer to similarly make the data current. Because there are now two potential sources of recovery data for that information, the recovery system change log AND the transport queues (which are now retaining information for some period of time even if the message has been successfully delivered), the message store can make the recovery system current if either the change log OR transport is current. From this we then know we can avoid forcing the change log on the recovery system to be current if transport knows about the message. By eliminating the need to keep the change log on the recovery system current in those cases, we have dramatically reduced the negative performance impact of having a recovery system, and thus made recovery systems for messaging more cost effective and practical.
One embodiment of an algorithm for recovery in a messaging system is:
Starting with a stale version of the data
While there are change log records to apply
With this change it becomes:
Starting with a stale version of the data
While there are change log records to apply
While there are messages in the transport queue
Similarly, an algorithm for forcing the change log in a message system is:
If the state of the database changed
Harden the change log to disk here
If there is a recovery system
This becomes:
If the data of the database change
The inclusion of the extra logic ‘if the change was not received from transport’ drops the cost of change logging because you only need to force the change log if the change did not come from the transport.
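The two modified algorithms can be exercised together in a small simulation: the active store forces the recovery-side log only for changes that did not arrive through transport, and recovery replays the stale log and then the mail that transport retained. This is an added example, not code from the patent; Store, Transport, recover and scenario are hypothetical names, the messages and timestamps are constructed, and matching on message id is one assumed way for the store to avoid presenting re-injected mail twice.

```python
class Store:
    """Message store with a local change log and an optional recovery-side log."""
    def __init__(self, recovery_log=None):
        self.messages, self.flags = {}, {}
        self.local_log = []                 # hardened on the active node
        self.pending = []                   # logged locally, not yet shipped
        self.recovery_log = recovery_log    # log copy held by the recovery system
        self.forced_ships = 0

    def mutate(self, change):
        if change["op"] == "deliver":
            self.messages[change["id"]] = change["body"]
        elif change["op"] == "flag":
            self.flags[change["id"]] = change["value"]

    def apply(self, change, from_transport):
        self.local_log.append(change)       # harden the change log locally
        self.pending.append(change)
        # Force the recovery-side log only for changes transport cannot replay.
        if self.recovery_log is not None and not from_transport:
            self.recovery_log.extend(self.pending)
            self.pending.clear()
            self.forced_ships += 1
        self.mutate(change)

class Transport:
    """Transport queue that keeps delivered mail for `retention` seconds."""
    def __init__(self, retention):
        self.retention, self.retained = retention, []

    def deliver(self, store, msg_id, body, now):
        store.apply({"op": "deliver", "id": msg_id, "body": body}, from_transport=True)
        self.retained.append((now, msg_id, body))   # kept after successful delivery

    def prune(self, now):
        self.retained = [r for r in self.retained if now - r[0] <= self.retention]

def recover(recovery_log, transport):
    """Rebuild a store from a stale log copy, then from retained transport mail."""
    replica, reinjected = Store(), []
    for change in recovery_log:             # while there are change log records
        replica.mutate(change)
    for _, msg_id, body in transport.retained:   # while there are queued messages
        if msg_id not in replica.messages:  # do not present the same mail twice
            replica.mutate({"op": "deliver", "id": msg_id, "body": body})
            reinjected.append(msg_id)
    return replica, reinjected

def scenario(prune_at=None):
    """Constructed run: three deliveries, one non-transport change, then failover."""
    shipped = []
    primary, transport = Store(recovery_log=shipped), Transport(retention=300)
    transport.deliver(primary, "m1", "hello", now=0)
    primary.apply({"op": "flag", "id": "m1", "value": "read"}, from_transport=False)
    transport.deliver(primary, "m2", "report", now=10)
    transport.deliver(primary, "m3", "invoice", now=20)
    if prune_at is not None:
        transport.prune(prune_at)
    replica, reinjected = recover(shipped, transport)
    return primary, replica, reinjected

if __name__ == "__main__":
    primary, replica, reinjected = scenario()
    print(reinjected, replica.messages == primary.messages, primary.forced_ships)
```

Calling scenario(prune_at=315) shows the failure mode: once the retention period has expired for mail that was never shipped in the log, that mail is absent from both recovery sources.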
Referring to
The remainder of
Periodically at 310 and at 312, the messages moved to the holding status are evaluated with respect to a parameter. For example, the parameter may be the amount of background mail so that at 310 the amount of background mail is determined. Alternatively or in addition, the parameter that may be determined at 310 may be any one or more of the following in any combination: message age, message size, message arrival date, and/or message priority compared to other messages in the background store. At 314, selected messages in the holding status are deleted as a function of the evaluating at 310 and 312.
In one embodiment, the instructions for performing the method may be on one or more computer-readable media having computer-executable components executed by a computing device for performing the method.
In summary, in one embodiment, a system for handling messages comprises a processor (e.g., server 104) configured to execute computer-executable instructions to receive messages at 302, store the received messages in a foreground memory at 304, process the stored messages in the foreground memory at 306, send the processed messages at 306, and move the sent messages to a background memory at 308. At 310 and 312, the processor evaluates the messages in the background memory with respect to a parameter and at 314 deletes selected messages in the background memory as a function of the evaluating.
Thus, the instructions to move the sent messages to a background memory comprise instructions to redirect the sent messages to the background memory, which is different with respect to the foreground memory.
In operation, all mail that is under delivery flows through the transport. The transport durably commits this mail to storage before accepting responsibility for the mail. The mail is then relayed to its ultimate destination or a node closer to its destination. This may involve multiple transfers as the mail may be bifurcated. Once all of the responsibility for a mail item has been transferred to another node, the transport can delete its durable copy of the mail.
It is desirable to be able to limit the size of the transport store. Un-deleted mail could grow unbounded. In certain applications, this may be necessary and acceptable. Alternately, we may want to bound the size of this store. This could be performed on many parameters including the time when the message was first received, when it was last relayed and/or the total size of the store.
Build a common scanner to also handle ReInjection, based off of ChunkingScanner, following the pattern of StrandedMailScanner. Additional configuration may be added to control pruning parameters. Pruning parameters may control how much mail can be held (count, or total bytes), maximum age, priority and other message attributes.
Re-Injection
In the event that an administrator or automated system detects that the mail should be re-played, this may cause the transport to re-scan the mail that would have otherwise been deleted and send it again. The mechanism may be coupled with a capability in the message store to avoid presenting mail delivered multiple times to the user.
One embodiment of the present invention is directed to the embodiment illustrated in
In one embodiment, an additional RPC entry point may be added to initiate re-injection. Alternatively, the pattern of StrandedMailScanner may be followed or be invoked when replay is initiated, meaning that the database can be re-scanned from the start for all items that are ready for re-injection.
Optionally, statistics about what mail was re-injected may be maintained.
Alternates
After sending at 306, messages may be dumped to a background file immediately. Alternatively, messages may be intercepted at a normal deletion point. Alternatively, messages may be appended/created to file tracking mail (e.g., to avoid NTFS CreateFile costs). It is typically more expensive to create new files than it is to append to existing files, so appending to an existing file may reduce costs.
Other alternatives include: including logic to start new files, pruning in the background through the file system, re-injecting through a pick-up directory and/or verifying that envelope information is sufficiently preserved. Files would be created over time as items are saved. But, in order to minimize the risk of this storage growing unbounded, one option would be to have a background task to prune old files to keep the total storage bounded. One option is to do this through files by creating a single file of the right size and using it as a circular stream. Writing begins at the beginning of the circularly sized file and continues to the end of it. When writing reaches the end of the file, additional data is written to the beginning of the file. Thus, the size of the storage is managed and uses a bounded amount of space equal to the circularly sized file.
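The circular stream option can be sketched as a fixed-size file whose writes wrap to the start and overwrite the oldest retained messages. This is an added example, not code from the patent; CircularMailFile is a hypothetical name, and the in-memory index of record offsets is an assumption made so that the surviving messages can be read back for re-injection.

```python
from collections import deque

class CircularMailFile:
    """Fixed-size file used as a circular stream of retained messages."""
    def __init__(self, path, capacity):
        self.capacity = capacity
        self.head = 0                      # next write offset
        self.used = 0                      # bytes occupied by live records
        self.index = deque()               # (msg_id, offset, length), oldest first
        self.f = open(path, "w+b")
        self.f.truncate(capacity)          # allocate once; the file never grows

    def _write_at(self, offset, data):
        first = min(len(data), self.capacity - offset)
        self.f.seek(offset)
        self.f.write(data[:first])
        if first < len(data):              # reached the end: continue at the start
            self.f.seek(0)
            self.f.write(data[first:])

    def _read_at(self, offset, length):
        first = min(length, self.capacity - offset)
        self.f.seek(offset)
        out = self.f.read(first)
        if first < length:                 # record wraps around the end of the file
            self.f.seek(0)
            out += self.f.read(length - first)
        return out

    def append(self, msg_id, data):
        """Store one message; return the ids of older messages it overwrote."""
        if len(data) > self.capacity:
            raise ValueError("message larger than the circular file")
        evicted = []
        while self.used + len(data) > self.capacity:
            old_id, _, old_len = self.index.popleft()   # oldest record is lost
            self.used -= old_len
            evicted.append(old_id)
        self._write_at(self.head, data)
        self.index.append((msg_id, self.head, len(data)))
        self.head = (self.head + len(data)) % self.capacity
        self.used += len(data)
        return evicted

    def replay(self):
        """Messages still held, oldest first, as candidates for re-injection."""
        return [(mid, self._read_at(off, n)) for mid, off, n in self.index]

    def close(self):
        self.f.close()
```

Storage stays bounded at the configured capacity, and retention time becomes a function of mail volume: a burst of large messages shortens the window from which lost mail can be re-injected.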
Another option to prune old files could be based on a target server receiving the files and based on a time during which the target server has replicated the received files. For example, if a given server X is known to have replicated all files received up to a time T, then such files could be pruned. In certain environments, this option may require keeping expanded address information.
In one embodiment, it is contemplated that disk I/O may be increased to accommodate such message handling as noted above.
It is also contemplated that in one embodiment the above may be applied to MTA resilience issues. For example, a second copy of a queue of messages of each MTA could be maintained on a second machine different from the MTA. In the event that the MTA has a hard crash and/or loses its queue, the MTA when restored would go back to each relay server to get them to re-relay lost mail. Lost mail would be identified by reference to the second copy of the queue on the second machine. Various techniques could be used to find the servers to re-relay lost mail. For example, every relay server could be queried. This embodiment adds a level of resilience to the MTA and, in one further embodiment, it is contemplated that it be implemented on hops after the first hop.
In summary, in one embodiment a system for handling messages comprises a processor 104 configured to execute computer-executable instructions to receive and/or send messages 302 and store at 304 a listing of the received and/or sent messages in a queue. The processor processes at 306 the stored messages and maintains a second copy of the queue with a separate machine. In the event that messages listed in the queue are lost, the lost messages listed in the second copy of the queue are recovered. For example, in the event that messages listed in the queue are lost, the processor contacts each relay server to resend the lost messages listed in the second copy of the queue.
Having described various embodiments of the invention in detail, it will be apparent that modifications and variations are possible without departing from the scope of the various embodiments of the invention as defined in the appended claims.
The order of execution or performance of the methods illustrated and described herein is not essential, unless otherwise specified. That is, it is contemplated by the inventors that elements of the methods may be performed in any order, unless otherwise specified, and that the methods may include more or less elements than those disclosed herein. For example, it is contemplated that executing or performing a particular element before, contemporaneously with, or after another element is within the scope of the various embodiments of the invention.
When introducing elements of the various embodiments of the present invention, the articles “a”, “an”, “the” and “said” are intended to mean that there are one or more of the elements. The terms “comprising”, “including” and “having” are intended to be inclusive and mean that there may be additional elements other than the listed elements.
In view of the above, it will be seen that several advantageous results are attained.
As various changes could be made in the above constructions, products, and methods without departing from the scope of the various embodiments of the invention, it is intended that all matter contained in the above description and shown in the accompanying drawings shall be interpreted as illustrative and not in a limiting sense.
Number | Date | Country |
---|---|---|
20070124484 A1 | May 2007 | US |